PDA

View Full Version : For who has installed Growtopia mods simulator?



michaelhans10
03-24-2016, 04:19 PM
Does your computer often stop responding when you attempt to start a program, open a webpage or even open a Word document file? When running an antivirus program to scan your system, you find that there is an infection named remote access trojan(RAT) on your computer? Why did the antivirus software fail to protect your computer from the Trojan? How can you effectively and completely remove remote access trojan(RAT)?


Please try a professional trojan horse removal tool to remove this trojan horse once you can't remove it through the manual removal guide below.

How to fix rat~>
https://answers.yahoo.com/question/index?qid=20130602204022AAg3lq8
How to removes virus such like rats ~>
http://www.tomshardware.com/faq/id-1890953/manually-remove-virus-computer.html
http://removecomputerthreat.weebly.com/blog/how-to-easily-remove-remote-access-trojanrat-remove-trojan-horse-from-your-computer
See the link( For more informations)

remote access trojan(RAT) Introduction:

remote access trojan(RAT) is one of the newly discovered computer virus that is designed by cyber hackers to obtain illegal gains from compromised computers’ user. It’s a rampant virus that can be delivered by spam emails, hijacked website and insecure programs. Most of time, this Trojan virus can still attack your computer even you have an antivirus program safeguard your computer. For this reason, we all shall be more careful when we are viewing anything online.

remote access trojan(RAT) is capable of installing itself on the target machine within a short time without your knowledge. It can silently make modification on the Windows registry as well as crucial system settings and options, which will offer it the access to the deep of the system and perform undesirable task as soon as you turn on the system. It is wise to get rid of the Trojan from your computer in time. The infected computer will perform very slowly and weirdly. You will not be able to use the computer for work. What’s more, you may often receive the pop-up messages saying that the program you are running stops responding. The slow performance will make your work inefficient. Some files on your computer may be missing. Those data are still in the computer, but they are hidden by the virus and you have no way to make them show up. Furthermore, the Trojan virus may bring more and more other cyber infections to the same machine, which making the situation worse. Furthermore, this Trojan virus can watch what you are doing on the computer and send the sensitive information collected to the remote hackers. The reason why remote access trojan(RAT) can stay in your computer for a long time is its capacity to trespass the system security utility, such as system firewall and authentic security software, through the way of pretending to be a system component. You should remove remote access trojan(RAT) manually as soon as possible.

The Manual removal is effective but not for everyone, especially for a regular PC user. If you have difficulty in removing remote access trojan(RAT), it is suggested to download an advanced removal tool on your computer to get rid of the Trojan automatically and safely.

How to get rid of a RAT virus?
Best answer:) V


a RAT is a remote access tool. This will allow someone to connect to your machine and control it (remotely). If it was simply a .jpg file and opened a picture, it is not likely that it was the problem. If it tried to run as an application, then there is a problem. (the .exe was likely hidden)
There are a few things that you should download and run.

(Links for these apps below each section)

1. First you need to ensure you have a decent antivirus (free ones are fine)
#Good free AV options (that won't slow down your PC)
BitDefender Free
Ad-Aware AntiVirus Free
Microsoft Security Essentials

http://www.bitdefender.com/solutions/free.html
http://www.lavasoft.com/products/ad_aware_free.php
http://www.microsoft.com/en-us/download/details.aspx?id=5201

2. You will need a malware scanner (slightly different. Does not provide real-time protection, but has high detection rates when scanned manually)
#Hitman Pro uses 3 different top antivirus scannign engines for excellent detection rates. It will identify infections, but will not remove them unless registered.
#MalwareBytes on the other hand is totally free for home users.

http://www.surfright.nl/en/hitmanpro/
http://www.malwarebytes.org/products/malwarebytes_free/

3. Run a rootkit scanner to detect malicious registry settings.
MalwareBytes Anti-Rootkit
RogueKiller

http://www.malwarebytes.org/products/mbar/
http://tigzy.geekstogo.com/roguekiller.php

If it will make things easier, I would recommend using the following apps, (Links provided above)

I would recommend
BitDefender Free AV
(Install Bitdefender if you don't already have one of the following antiviruses; Emsisoft AV, F-Secure AV, BitDefender AV, GData AV or Kaspersky AV)
MalwareBytes Anti-Malware
MalwareBytes Anti-Rootkit

Once installed, install and scan using each of these apps. This should detect any infections and allow you to remove them.

Another post(Guide) :

How To Manually Remove a Virus From Your Computer

Learn how to manually remove virus easily from your PC by watching this video:



This guide focuses on manually removing viruses and malware from your computer. If you want to use an anti-virus program instead, please check out this tutorial written by Burritobob. This tutorial's best intention is focused around removing RAT and Keylogger viruses.

Step 1
Run msconfig and look for suspicious files. Here we see one. It’s unknown, and it also has a startup key that we’ve never seen until recently. Uncheck it from start up and/or from services.


If you think you are being monitored. Open Command Prompt and do the following


Step 2
Boot into safe mode. This can be done by checking the box in the “boot” tab in msconfig.


Step 3
Run msconfig in safe mode and we can see it’s checked because the virus is persistent. The virus will not be running however, due to the fact that we are currently in safe mode.


Step 4
Navigate to the registry. We are doing this in safe mode because some viruses disable the registry.
Note: Be sure your folder options are set to show hidden files and folders


Step 5
Navigate to the location of the virus. If you are not sure which one is a virus, locate to all of the following possible locations:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Runonce
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run


Step 6
Section a) if you are unsure if it is a virus of not, right click the suspected file{s} and click modify


Since you are unsure of the integrity of the file, put a “:” in front of the value data. This will disable the start up of the virus but it will still be in your computer.


Section b) if you are certain that you’ve found the virus (like I have in the picture) you can delete the registry entry.


Step 7
Be certain it is gone; it shouldn’t even be listed as a startup item anymore.


Step 8
To be certain, use CCleaner to scan the registry and fix any issues there are.


Recap
Hopefully this should’ve gotten your computer rid of any viruses. It is recommended to download the latest version of an Anti-Virus program and scan your computer fully even after doing this.

Please Note: If you still feel insecure it is recommended to do a clean reinstall of Windows. After reinstalling, install Microsoft Security Essentials as it is the most trusted anti-virus.

Thank you for reading :)

Another guide(more specific):How to Easily Remove remote access trojan(RAT) - Remove Trojan Horse from Your Computer?



Does your computer often stop responding when you attempt to start a program, open a webpage or even open a Word document file? When running an antivirus program to scan your system, you find that there is an infection named remote access trojan(RAT) on your computer? Why did the antivirus software fail to protect your computer from the Trojan? How can you effectively and completely remove remote access trojan(RAT)?

Friendly Reminder: Please try a professional trojan horse removal tool to remove this trojan horse once you can't remove it through the manual removal guide below.
















remote access trojan(RAT) Introduction:

remote access trojan(RAT) is one of the newly discovered computer virus that is designed by cyber hackers to obtain illegal gains from compromised computers’ user. It’s a rampant virus that can be delivered by spam emails, hijacked website and insecure programs. Most of time, this Trojan virus can still attack your computer even you have an antivirus program safeguard your computer. For this reason, we all shall be more careful when we are viewing anything online.

remote access trojan(RAT) is capable of installing itself on the target machine within a short time without your knowledge. It can silently make modification on the Windows registry as well as crucial system settings and options, which will offer it the access to the deep of the system and perform undesirable task as soon as you turn on the system. It is wise to get rid of the Trojan from your computer in time. The infected computer will perform very slowly and weirdly. You will not be able to use the computer for work. What’s more, you may often receive the pop-up messages saying that the program you are running stops responding. The slow performance will make your work inefficient. Some files on your computer may be missing. Those data are still in the computer, but they are hidden by the virus and you have no way to make them show up. Furthermore, the Trojan virus may bring more and more other cyber infections to the same machine, which making the situation worse. Furthermore, this Trojan virus can watch what you are doing on the computer and send the sensitive information collected to the remote hackers. The reason why remote access trojan(RAT) can stay in your computer for a long time is its capacity to trespass the system security utility, such as system firewall and authentic security software, through the way of pretending to be a system component. You should remove remote access trojan(RAT) manually as soon as possible.

The Manual removal is effective but not for everyone, especially for a regular PC user. If you have difficulty in removing remote access trojan(RAT), it is suggested to download an advanced removal tool on your computer to get rid of the Trojan automatically and safely.



Manually Remove remote access trojan(RAT) - Remove Trojan Horse Virus Step by Step

remote access trojan(RAT) is a dangerous computer infection that gets into the target computers secretly without consent. It causes your computer to function abnormally and drops additional threats to further destroy your computer. Furthermore, it has conflicts with many system programs. It is strongly suggested that you get it out of your computer without hesitation. Please follow the manual removal guide given below to remove this threat immediately.

Step1: Stop related processes

[random.exe]

For Windows 7 / Windows Vista

1、Right-click on Task Bar and click click Task Manager;
2、swich to Processes tab, right-click on the processes associated with the virus and click End Process

For Windows 8 / 8.1

1、Right-click on Task Bar and click click Task Manager;
2、Under the Processes tab, right-click on the processes related with the virus and click End Process

Step2: Show all hidden files

For Windows 7 / Vista

1、Click and open Libraries
2、Under the Folder Options category of Tools , click on Show Hidden Files or Folders.
3、Under the Hidden files and folders section, select the radio button labeled Show hidden files, folders, or drives.
4、Remove the checkmark from the checkbox labeled Hide extensions for known file types.
5、Remove the checkmark from the checkbox labeled Hide protected operating system files (Recommended).
6、Press the Apply button and then the OK button.

For Windows 8 /8.1

1、Click on Windows Explorer.
2、Click on View tab.
3、Check the "Hidden Items" box

Step3: Erase remote access trojan(RAT) Virus related of files

%UserProfile%\[random].exe
%ProgramFiles%\Internet Explorer\Connection Wizard\[random]
%Windir%\Microsoft.NET\Framework\[random].exe
%Temp%\[random].bat

Step4: Terminate these Registry Entries created by remote access trojan(RAT).

For Windows 7 /Vista, and Windows 8 /8.1:

1、Keep pressing "Windows+R" keys on your keyboard.
2、Type "Regedit" into the Run box and click OK to open Registry Editor.
3、Find out and delete malicious files below:

HKEY_CLASSES_ROOT\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32 "(Default)" = "\.dll"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run "courts" = %AppData%\p1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\[random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run "SD2014" = "%AppData%\\.exe"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open \command "(Default)" = "%LocalAppData%\.exe" -a "%1" %*
Note: Of course, it's highly recommended that you should remove trojan horse in a professional way if there are still some similar probelms with your computer.

In conclusion, remote access trojan(RAT) is a harmful system invader which is designed by cyber hackers with notorious black- hat techniques and can distribute itself around the world. If you have installed Windows operating system and you seldom care about virus invasion problems when surfing the Internet, your PC can possibly be infested by it. Once infected by the virus, the system may get crushed. Since it compromises system, the whole computer reacts slowly and the entire computer performance hugely declines. Therefore, to protect both your computer and your personal privacy, you have to get rid of remote access trojan(RAT) immediately. Moreover, it's clever for you to set up a professional malware removal tool to detect and remove all the feasilbe infections.

Ps: this is FULL Guide about how to remove Rat/trojan.
"Hope everyone is safe! "

Bonus (Video):

https://m.youtube.com/watch?v=MwhkmvLCNs0
https://m.youtube.com/watch?v=yEzBHVf-iFM

Thanks for reading Forumers! Stay safe!

MyLegGuy
03-24-2016, 04:21 PM
If I got it, I would just format my entire computer and install Windows again.

The guy on that Yahoo answers page said he downloaded a jpg. I wonder if it was a .jpg.exe and he had file extensions hidden.

CodeSky
03-24-2016, 04:29 PM
So... Mod Simulator is a rat?




Yes it is.

Spotlight
03-24-2016, 09:24 PM
Want to know how to get rid of a RAT on your computer?
Factory reset your entire computer, it is the best way.

lsaac2
03-24-2016, 09:37 PM
If you look up Dark Comet RAT remover, there's a tool that'll easily find and remove a Dark comet RAT.

However, it may have been a RAT from another program.

genpasaporte922
03-24-2016, 10:09 PM
Pushing this up for such a very good guide.

michaelhans10
03-25-2016, 04:05 AM
Guide completed :)

misascool
03-25-2016, 04:18 AM
Nice guide...

iStolen
03-25-2016, 08:29 AM
UPDATE: It seems it is a key logger. I didn't find anything in Program Files, Startup, Task Manager etc.
If it is a RAT, it is very well hidden then.

Vege
03-25-2016, 09:01 AM
Deleting system32 is very a efficient way to remove ALL malware from your computer. As well as all other files.

Pointer
03-25-2016, 09:10 AM
Luckily, Growtopia has thought me how to be skeptical. When the Growtopia Mod Simulator was out, i smelled something fishy.That was because I had my skepticles on, get it? Oh well, I wonder if the creator got perma-banned.

iStolen
03-25-2016, 02:39 PM
Deleting system32 is very a efficient way to remove ALL malware from your computer. As well as all other files.

If some people would take your comment seriously, their PC would lose Windows because of you.

SILC
03-25-2016, 02:41 PM
UPDATE: It seems it is a key logger. I didn't find anything in Program Files, Startup, Task Manager etc.
If it is a RAT, it is very well hidden then.

Why did you even download it on the first place..
Never download untrusted files/ auto's of growtopia

Rockytop
03-25-2016, 02:54 PM
Who really believes a serf about that mod simulator? (Besides kids)

peck
03-25-2016, 03:26 PM
If I got it, I would just format my entire computer and install Windows again.

This. If it were something as old as dark comet, most antivirus's would it get it, otherwise you can only wipe your drive.